There are four levels of PCI compliance, each with its own set of requirements. The higher the level, the more stringent the requirements.
Level 1: This is the highest level of PCI compliance and is reserved for organizations that process over six million transactions per year. To achieve Level 1 compliance, businesses must undergo an annual on-site assessment by a Qualified Security Assessor (QSA), as well as quarterly network scans by an Approved Scanning Vendor (ASV).
Level 2: This level is for organizations that process one to six million transactions per year. To achieve Level 2 compliance, businesses must complete an annual Self-Assessment Questionnaire (SAQ) and undergo quarterly network scans by an Approved Scanning Vendor (ASV).
Level 3: This level is for organizations that process 20,000 to one million transactions per year. To achieve Level 3 compliance, businesses must complete an annual Self-Assessment Questionnaire (SAQ) and undergo quarterly network scans by an Approved Scanning Vendor (ASV).
Level 4: This is the lowest level of PCI compliance and is reserved for organizations that process fewer than 20,000 transactions per year. To achieve Level 4 compliance, businesses must complete a Self-Assessment Questionnaire (SAQ) annually. Network scans are not required at this level.
As you can see, the requirements for PCI compliance become more stringent the more transactions a business processes. This is because businesses that process more transactions are generally considered to be at greater risk of credit card fraud.
The best way to ensure that your business is PCI compliant is to work with a qualified security consultant who can help you understand the requirements and develop a plan for meeting them. Failure to comply with PCI can result in hefty fines, so it's important to take this seriously. If you're not sure where to start, the PCI Security Standards Council provides a list of Qualified Security Assessors on its website.